From f9fee2df700228d5a8624afdc0701f4b90d9a8bf Mon Sep 17 00:00:00 2001
From: Matthias Jentsch <matthias.jentsch@netways.de>
Date: Tue, 4 Nov 2014 12:35:41 +0100
Subject: [PATCH] Do not interrupt authentication chain on invalid ldap
 connection infos

Catch LdapExceptions and throw AuthenticationException to not interrupt authentication chain

fixes #7497
---
 .../Authentication/Backend/LdapUserBackend.php     | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/library/Icinga/Authentication/Backend/LdapUserBackend.php b/library/Icinga/Authentication/Backend/LdapUserBackend.php
index b859dfb3d1..6622001804 100644
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@@ -68,8 +68,16 @@ protected function createQuery($username)
      */
     public function assertAuthenticationPossible()
     {
-        $q = $this->conn->select()->from($this->userClass);
-        $result = $q->fetchRow();
+        try {
+            $q = $this->conn->select()->from($this->userClass);
+            $result = $q->fetchRow();
+        } catch (LdapException $e) {
+            throw new AuthenticationException(
+                'Connection not possible: %s',
+                $e->getMessage()
+            );
+        }
+
         if (! isset($result)) {
             throw new AuthenticationException(
                 'No objects with objectClass="%s" in DN="%s" found.',
@@ -158,7 +166,7 @@ public function authenticate(User $user, $password, $healthCheck = true)
             } catch (AuthenticationException $e) {
                 // Authentication not possible
                 throw new AuthenticationException(
-                    'Authentication against backend "%s" not possible: ',
+                    'Authentication against backend "%s" not possible: %s',
                     $this->getName(),
                     $e
                 );